CVE-2018-4333
Description
A validation issue was addressed with improved input sanitization. This issue affected versions prior to iOS 12, macOS Mojave 10.14.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A validation issue in Apple's Accounts (iOS) and Bluetooth (macOS) lets a local app read a persistent account identifier, fixed with improved input sanitization.
Vulnerability
A validation issue exists in Apple's Accounts framework on iOS and Bluetooth on macOS, allowing a local application to read a persistent account identifier. The issue was addressed with improved input sanitization and entitlements. Affected versions: iOS prior to 12, macOS prior to 10.14 [1][2].
Exploitation
An attacker requires a local app installed on the device. The app can read the persistent account identifier without proper entitlements or user interaction. No network access is needed; only local execution context is required [1][2].
Impact
Exploitation leads to information disclosure of a persistent account identifier, which could be used for tracking or further attacks [1][2].
Mitigation
Fixed in iOS 12 (released September 17, 2018) and macOS Mojave 10.14 (released September 24, 2018). Users should update to these versions or later. No workarounds are documented [1][2].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- Range: <12
- Range: <10.14
- Range: <12
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- support.apple.com/kb/HT209106mitrex_refsource_MISC
- support.apple.com/kb/HT209139mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.